Overview#

PrimaryGroupID is an AttributeType used in Microsoft Active Directory

Contains the Relative IDentifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group.

The PrimaryGroupID attribute on a user/group object holds the RID of the primary group. A user's primary group MUST be a group that exists in the user's primary AD DOMAIN. The SID for the primary group can be built by concatenating the domain RID with the PrimaryGroupID attribute of the user object. For example, the domain RID could be S-1-111-222-333 and the value of the primarygroupID could be abc. The SID of the primary group would then be S-1-111-222-333-abc.

LDAP Attribute Definition#

The PrimaryGroupID AttributeTypes is defined as:

• OID of 1.2.840.113556.1.4.98
• NAME: PrimaryGroupID
• DESC:
• EQUALITY:
• ORDERING:
• SYNTAX: 1.3.6.1.4.1.1466.115.121.1.27 (Integer)
  • UPPERBOUND: 4 Bytes
• SINGLE-VALUE
• USAGE: UserApplications
• Extended Flags:
• Used as MUST in:
• Used MAY in:
  • Computer
  • InetOrgPerson
  • user

More Information#

There might be more information for this subject on one of the following:

• 1.2.840.113556.1.4.98
• Active Directory Groups
• Domain Users
• GROUP_SECURITY_INFORMATION
• MSFT Access Token
• MemberOf
• ObjectSID
• Security Descriptor
• User

---

• [#1] - Primary-Group-ID attribute - based on information obtained 2018-03-28-